CSRF Web Vulnerabilities – Nikita Makeyev


Welcome

Cross Site Request Forgery (CSRF)
Nikita Makeyev, CoreCommerce

ASK: How many freelancers?

ASK: How many business owners?

Cross Site Request What?

* Cross Site Request Forgery

* CSRF

* XSRF

* One-Click Attack

* Session Riding

How Does It Work?

Step 1:

Attacker finds a website that:

* performs an action upon a GET request, OR

* performs an action upon a POST request but doesn't differentiate between POST and GET data

How Does It Work?

Step 2: Attacker constructs a string that simulates a server action request and includes it as the src of an image or a script on a bunch of sites - blogs, forums, malicious sites, etc.

How Does It Work?

Step 3: Legitimate user accesses https://www.mybank.com/account.php, logs in and then happens to visit one of the compromised pages.

How Does It Work?

Step 4: Attacker checks https://www.mybank.com/account.php every day and attempts to use the forgot password feature using [email protected]

What Makes It Possible?

Web developers aren't as familiar with this vulnerability as some other ones (XSS, SQL injection)

Site relying on user identity

Attacker is able to find a form submission or a URL that performs an action

Attacker must lure victim to a page with malicious code

Why Is It Dangerous?

Undetectable by automated scanners

No damage ceiling

The attack is silent

Easily mountable

Combines with XSS

How Do I Prevent It?

Do not use REQUEST (the merged GET and POST data)

Only use POST to initiate actions

Check the HTTP Referer header

Use a random, server-generated, user-specific token in all form submissions
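The four prevention points above, combined in one simulated handler for the "forgot password" action. This is an added example, not code from the talk or from CoreCommerce; the site origin, the Session class and the handler name are assumed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://www.mybank.com"  # assumed origin of our own site


class Session:
    """Server-side per-user session state (simplified, assumed)."""

    def __init__(self):
        # Random, server-generated, user-specific token; embed it as a
        # hidden field in every state-changing form the user is served.
        self.csrf_token = secrets.token_urlsafe(32)


def same_origin(referer):
    """Referer check: only accept requests that originate from our own pages.
    A missing Referer is rejected here; relax this if privacy-conscious
    clients that strip the header must still be supported."""
    if not referer:
        return False
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def handle_reset_password(session, method, referer, post, get):
    """Handler for the password-reset action. Returns (status, message).
    `get` is accepted only to show that query-string data is never consulted:
    this is the 'do not use REQUEST' rule, so a forged
    <img src="...?csrf_token=..."> cannot satisfy the token check."""
    del get  # deliberately ignored: actions take their input from POST only
    if method != "POST":
        return 405, "state-changing actions require POST"
    if not same_origin(referer):
        return 403, "request did not originate from this site"
    token = post.get("csrf_token", "")
    # Constant-time comparison of the submitted token against the session's.
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "password reset email sent"
```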